TheSupe87 - Fotolia
New U.S. cybersecurity legislation designed to prevent future data breaches continues to be debated by U.S. legislators, and consumer privacy remains a sticking point. Bills such as the Protecting Cyber Networks Act (PCNA) propose systems for private companies to share information about cyber threats with government agencies. Opponents fear that including this type of information sharing in cybersecurity legislation will hurt privacy by helping the U.S. government collect consumer data for law enforcement or surveillance purposes.
Proposed cybersecurity bills such as PCNA continue to raise questions about what U.S. citizens are willing to give up to prevent massive data breaches that have become the norm. Most agree that there should be some sort of cybersecurity legislation, but consumer data privacy remains a major priority. In this #GRCChat recap, participants discuss how cybersecurity legislation could affect privacy and what precautions should be taken to protect consumer data.
Will data sharing policies proposed in cybersecurity legislation hurt consumer privacy? Why or why not?
Although cybersecurity legislation is meant to protect consumer privacy, some think that it would actually undermine it. Detractors of cybersecurity legislation specifically worry about the amount of consumer data that would be available to the government should proposed bills become law. #GRCChat participants acknowledged privacy is a legitimate concern, but added that data sharing stipulations may be necessary:
A3 Privacy advocates are understandably concerned about gov data sharing, and fed using info for surveillance/crime investigations #GRCchat— Ben Cole (@BenjaminCole11) May 7, 2015
A3 Not doing anything could be worse: proposed laws are designed to prevent recent hacks of customer data at major retailers #GRCchat— Ben Cole (@BenjaminCole11) May 7, 2015
A3 The question is does consumer privacy suffer more with or without legislation? Is legislation a necessary evil, in other words? #GRCchat— Nicole Laskowski (@TT_Nicole) May 7, 2015
Although some #GRCchat-ters agreed that cybersecurity legislation is needed, they added that current proposed legislation is lacking from a consumer privacy standpoint:
The lack of a consumer presence wasn't the only fault found with proposed cybersecurity legislation. Participants thought that bills often demonstrated a lack of knowledge regarding technology and suggested that more experts should be consulted when creating cybersecurity legislation:
What privacy protections must be in cybersecurity legislation to ensure consumer data is not violated?
Participants discussed how some consumer data privacy sacrifices might be necessary to protect information under cybersecurity legislation, but added there is still a need for controls on what exactly the government can and cannot do with consumer data.
A5 citizens/consumers will likely have to get used to at least some public/private sector info sharing to protect cybersecurity #GRCchat— Ben Cole (@BenjaminCole11) May 7, 2015
One participant stated that cybersecurity legislation still has a long way to go, especially when it comes to transparency:
SearchCompliance site editor Ben Cole advocated for finding the right mix of government involvement and privacy protection, before pointing out the problem that innovation presents: New tech could either provide more security, or create new opportunities for data breaches.
A5 Will be very difficult, but gov has to find the right balance between U.S. cybersecurity strategy and privacy protection #GRCchat— Ben Cole (@BenjaminCole11) May 7, 2015
How do you think cybersecurity legislation will affect consumer data privacy? Sound off in the comments section below.
Security information sharing needed, says government cybersecurity experts
Finding the line between data analytics and consumer data privacy
A look at past cybersecurity legislation with the Cybersecurity Act of 2009